草庐IT

javascript - 如何在 Socket.io/express-sessions 中访问/保存授权事件的 session 数据?

coder 2024-07-25 原文

我在 node.js 服务器上使用 Socket.io 和 express 4 框架设置了一个 websocket。

我正在尝试在使用我的 websocket 时为我的用户实现授权步骤。

当用户连接时, token 将作为查询值传递给服务器。在服务器级别,我在数据库中查询与传递的 token 匹配的 session 。如果找到 session ,我会做一些其他检查以确保 token 未被劫持。

问题

session 数据似乎在每次重新加载页面时都会被清除。或者服务器无法将 sessionId 链接到创建它的用户,因此每次它都会生成一个新 session 。

我对“如果已设置”如何访问 session 变量感到困惑。

我的代码的问题

当用户重新加载他/她的页面/客户端时, session 数据将在新请求中变为未定义。在刷新页面之前 session 一直很好,这是我的问题。即使在用户刷新页面后,我也需要能够保持 session 处于事件状态。

问题

如何确保 session 数据不会在每次页面刷新时被清除?

这是我的授权码

io.set('authorization', function (handshakeData, accept) {

    var session = handshakeData.session || {};

    //This is always undefined!
    console.log('Session Data:' + session.icwsSessionId);

    //var cookies = handshakeData.headers.cookie;
    var token = handshakeData._query.tokenId || '';
    //console.log('Token: ' + token);

    if(!token){
        console.log('Log: token was not found');
        return accept('Token was found.', false);
    }

    //allow any user that is authorized
    if(session && session.autherized && token == session.token){
        console.log('Log: you are good to go');
        return accept('You are good to go', true);
    }

    //if the client changed their token "client logged out"
    //terminate the open session before opening a new one
    if (session.autherized && token != session.token){

        var icwsConnection = new icwsConn(icwsRequest);
        icwsRequest.setConnection(session.icwsServer, session.icwsPort);
        icwsRequest.setIcwsHeaders(session.icwsSessionId, session.icwsToken);
        icwsConnection.logout();

        session.autherized = false;
        session.token = null;
        session.icwsServer = null;
        session.icwsPort = null;
        session.icwsSessionId = null;
        session.icwsToken = null;

        icwsConnection = null;
    }

如果需要,这是我的全部代码

var env = require('./modules/config'),
    app = require('express')(),
    https = require('https'),
    fs = require('fs'),
    session = require('express-session'),
    redisStore = require("connect-redis")(session),
    sharedsession = require("express-socket.io-session"),
    base64url = require('base64url');

const server = https.createServer(
    {
        key: fs.readFileSync('certs/key.pem'),
        cert: fs.readFileSync('certs/cert.pem')
    }, function (req, res){
        res.setHeader('Access-Control-Allow-Origin', '*');
        res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');
    }
).listen(env.socket.port, env.socket.host, function () {
    console.log('\033[2J');
    console.log('Websocket is running at https://%s:%s', server.address().address, server.address().port);
});

var io = require('socket.io')(server);

const sessionMiddleware = session({
    store: new redisStore({
        host: env.redis.host,
        port: env.redis.port
    }),
    secret: env.session.secret,
    name: env.session.name,
    rolling: false,
    resave: true,
    saveUninitialized: true
});

app.use(sessionMiddleware);


// Use shared session middleware for socket.io
// setting autoSave:true
io.use(sharedsession(sessionMiddleware, {
    autoSave: true
})); 


var icwsReq = require('./modules/icws/request.js'),
    icwsConn = require('./modules/icws/connection.js'),
    icwsInter = require('./modules/icws/interactions.js'),
    sessionValidator = require('./modules/validator.js');

var clients = {};
var icwsRequest = new icwsReq();
var sessionChecker = new sessionValidator();



app.get('/', function (req, res) {
    res.send('welcome');
});

io.set('authorization', function (handshakeData, accept) {

    var session = handshakeData.session || {};

    //This is always undefined!
    console.log('Session Data:' + session.icwsSessionId);

    //var cookies = handshakeData.headers.cookie;
    var token = handshakeData._query.tokenId || '';
    //console.log('Token: ' + token);

    if(!token){
        console.log('Log: token was not found');
        return accept('Token was found.', false);
    }

    //allow any user that is authorized
    if(session && session.autherized && token == session.token){
        console.log('Log: you are good to go');
        return accept('You are good to go', true);
    }

    /*
    if (!originIsAllowed(origin)) {
        // Make sure we only accept requests from an allowed origin
        socket.destroy();
        console.log((new Date()) + ' Connection from origin ' + origin + ' rejected.');
        return false;
    }
    */

    //if the client changed their token "client logged out"
    //terminate the open session before opening a new one
    if (session.autherized && token != session.token){

        var icwsConnection = new icwsConn(icwsRequest);
        icwsRequest.setConnection(session.icwsServer, session.icwsPort);
        icwsRequest.setIcwsHeaders(session.icwsSessionId, session.icwsToken);
        icwsConnection.logout();

        session.autherized = false;
        session.token = null;
        session.icwsServer = null;
        session.icwsPort = null;
        session.icwsSessionId = null;
        session.icwsToken = null;

        icwsConnection = null;
    }

    var myIP = '10.0.4.195';

    var decodedToken = base64url.decode(token);

    sessionChecker.validateData(decodedToken, myIP, env.session.duration, function(isValid, icws){

        if(isValid){

            session.authorized = true;
            session.icwsServer = icws.host;
            session.icwsPort = icws.port;
            session.token = token;
            session.icwsSessionId = null;
            session.icwsToken = null;

            icwsRequest.setConnection(icws.host, icws.port);
            var icwsConnection = new icwsConn(icwsRequest);

            icwsConnection.login(icws.username, icws.password, function(isLogged, icwsSession, headers){

                if(isLogged && icwsSession.sessionId && icwsSession.csrfToken){

                    //icwsConnection.setWorkstation(icws.workstaton);
                    session.icwsSessionId = icwsSession.sessionId;
                    session.icwsToken = icwsSession.csrfToken;

                    icwsRequest.setIcwsHeaders(session.icwsSessionId, session.icwsToken);
                    console.log('Log: new connection to ICWS! ' + session.icwsSessionId );
                }

            });

            console.log('Log: new connection to websocket!')
            return accept('New connection to websocket!', true);

        } else {

            console.log('Log: token could not be validated!');
            return accept('Token could not be validated!', false);
        }

    });

});


io.on('connection', function (socket) { 


    console.log('Authorized Session! Websocket id ready for action!');
    //var origin = socket.request.headers.origin || '';
    //var myIP = socket.request.socket.remoteAddress || '';

    if(!socket.request.sessionID){
        console.log('Missing Session ID');
        return false;
    }

    var socketId = socket.id;
    var sessionID = socket.request.sessionID;


    //Add this socket to the user's connection
    if(userCons.indexOf(socketId) == -1){
        userCons.push(socketId);
    }

    clients[sessionID] = userCons;

    console.log(clients); //display all connected clients

    socket.on('placeCall', function(msg){

        icwsInter.call(method, uri, params, header, true);

    });

    socket.on('chat', function(msg){
        console.log('Chat Message: ' + msg);
        socket.emit('chat', { message: msg });
    });


    socket.on('disconnect', function(msg){
        console.log('Closing sessionID: ' + sessionID);
        var userCons = clients[sessionID] || [];

        var index = userCons.indexOf(socketId);

        if(index > -1){
            userCons.splice(index, 1);
            console.log('Removed Disconnect Message: ' + msg);
        } else {
            console.log('Disconnect Message: ' + msg);
        }

    }); 

    socket.on('error', function(msg){
        console.log('Error Message: ' + msg);
    }); 

});


function originIsAllowed(origin) {
    // put logic here to detect whether the specified origin is allowed.
        var allowed = env.session.allowedOrigins || []

        if(allowed.indexOf(origin) >= 0){
            return true;
        }

    return false;
}

已编辑

io cookie 在每次请求时都会发生变化。创建 io cookie 时,它​​的最后访问值为 12/31/1969 4:00:00 PM

此外,此 cookie 在每次重新加载页面时都会发生变化。

在 @Osk 下面的建议之后这是我的新代码,它仍然没有在页面重新加载时保存我的 session 数据。

var env = require('./modules/config'),
    app = require('express')(),
    https = require('https'),
    fs = require('fs'),
    session = require('express-session'),
    redisStore = require("connect-redis")(session),
    sharedsession = require("express-socket.io-session"),
    base64url = require('base64url'),
    cookieParser = require("cookie-parser");

const server = https.createServer(
    {
        key: fs.readFileSync('certs/key.pem'),
        cert: fs.readFileSync('certs/cert.pem')
    }, function (req, res){
        res.setHeader('Access-Control-Allow-Origin', '*');
        res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');
    }
).listen(env.socket.port, env.socket.host, function () {
    console.log('\033[2J');
    console.log('Websocket is running at https://%s:%s', server.address().address, server.address().port);
});

var io = require('socket.io')(server);
var sessionStore = new redisStore({
        host: env.redis.host,
        port: env.redis.port
    });

const sessionMiddleware = session({
        store: sessionStore,
        secret: env.session.secret,
        name: env.session.name,
        rolling: true,
        resave: false,
        saveUninitialized: false,
        cookie: { 
            maxAge: 60 * 60 * 1000
        }
    });


app.use(sessionMiddleware);

// Use shared session middleware for socket.io
// setting autoSave:true
io.use(sharedsession(sessionMiddleware, {
    autoSave: false
})); 

var icwsReq = require('./modules/icws/request.js'),
    icwsConn = require('./modules/icws/connection.js'),
    icwsInter = require('./modules/icws/interactions.js'),
    sessionValidator = require('./modules/validator.js');

var clients = {};

var icwsRequest = new icwsReq();
var sessionChecker = new sessionValidator();



app.get('/', function (req, res) {
    res.send('welcome');
});


//Middleware for authorizing a user before establishing a connection
io.use(function(socket, next) {


    var origin = socket.request.headers.origin || '';

    if (!originIsAllowed(origin)) {
        // Make sure we only accept requests from an allowed origin
        socket.destroy();
        console.log((new Date()) + ' Connection from origin ' + origin + ' rejected.');
        return false;
    }

    var myIP = socket.request.socket.remoteAddress || '';
    var token = socket.handshake.query.tokenId || '';
    var session = socket.handshake.session || {};

    //This should be defined on a reload
    console.log('IP Address: ' + myIP + '      SessionID: ' + socket.handshake.sessionID);

    if(!token){
        console.log('Log: token was not found');
        return next(new Error('Token not found'));
    }

    //allow any user that is authorized
    if(session && session.autherized && token == session.token){
        console.log('Log: you are good to go');
        return next(new Error('You are good to go'));
    }

    //if the client changed their token "client logged out"
    //terminate the open session before opening a new one
    if (session.autherized && token != session.token){

        var icwsConnection = new icwsConn(icwsRequest);
        icwsRequest.setConnection(session.icwsServer, session.icwsPort);
        icwsRequest.setIcwsHeaders(session.icwsSessionId, session.icwsToken);
        icwsConnection.logout();

        session.autherized = false;
        session.token = null;
        session.icwsServer = null;
        session.icwsPort = null;
        session.icwsSessionId = null;
        session.icwsToken = null;
        icwsConnection = null;
        session.save();
    }

    var decodedToken = base64url.decode(token);

    sessionChecker.validateData(decodedToken, myIP, env.session.duration, function(isValid, icws){

        if(isValid){

            session.authorized = true;
            session.icwsServer = icws.host;
            session.icwsPort = icws.port;
            session.token = token;
            session.icwsSessionId = null;
            session.icwsToken = null;

            icwsRequest.setConnection(icws.host, icws.port);
            var icwsConnection = new icwsConn(icwsRequest);
            /*
            icwsConnection.login(icws.username, icws.password, function(isLogged, icwsSession, headers){

                if(isLogged && icwsSession.sessionId && icwsSession.csrfToken){

                    //icwsConnection.setWorkstation(icws.workstaton);
                    session.icwsSessionId = icwsSession.sessionId;
                    session.icwsToken = icwsSession.csrfToken;

                    icwsRequest.setIcwsHeaders(session.icwsSessionId, session.icwsToken);
                    console.log('Log: new connection to ICWS! ' + session.icwsSessionId );
                }

            });
            */
            session.save(function(){
                console.log('Log: new connection to websocket!');   
            });

            return next();

        } else {

            console.log('Log: token could not be validated!');
            return next(new Error('Token could not be validated!'));
        }

    });

});


io.on('connection', function (socket) { 

    console.log('Connection is validated and ready for action!');

    var socketId = socket.id;

    if(!socket.handshake.sessionID){
        console.log('sessionId was not found');
        return false;
    }

    var sessionID = socket.handshake.sessionID;
    var userCons = clients[sessionID] || [];

    //Add this socket to the user's connection
    if(userCons.indexOf(socketId) == -1){
        userCons.push(socketId);
    }

    clients[sessionID] = userCons;

    //console.log(clients);

    socket.on('placeCall', function(msg){

        icws.call(method, uri, params, header, true);

    });

    socket.on('chat', function(msg){
        console.log('Chat Message: ' + msg);
        socket.emit('chat', { message: msg });
    });


    socket.on('disconnect', function(msg){
        console.log('Closing sessionID: ' + sessionID);
        var userCons = clients[sessionID] || [];

        var index = userCons.indexOf(socketId);

        if(index > -1){
            userCons.splice(index, 1);
            console.log('Removed Disconnect Message: ' + msg);
        } else {
            console.log('Disconnect Message: ' + msg);
        }

    }); 

    socket.on('error', function(msg){
        console.log('Error Message: ' + msg);
    }); 

});


function originIsAllowed(origin) {
    // put logic here to detect whether the specified origin is allowed.
        var allowed = env.session.allowedOrigins || []

        if(allowed.indexOf(origin) >= 0){
            return true;
        }

    return false;
}

最佳答案

您使用的是哪个版本的 socket.io?

express-socket.io-session 适用于 socket.io 1.x

我看到您正在调用 io.set(),它在 socket.io 1.x 上已弃用

有关这方面的更多信息,请查看 http://socket.io/docs/migrating-from-0-9/在标题身份验证差异下。 那里说

The old io.set() and io.get() methods are deprecated and only supported for backwards compatibility."

这可能与您的问题有关吗?

当您安装 express-socket.io-session 包时,包内有一个示例目录。针对此模块的工作示例进行测试可能会派上用场。

关于javascript - 如何在 Socket.io/express-sessions 中访问/保存授权事件的 session 数据?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32636155/

express-sessions何在session39socketjavascriptnode.jsexpresswebsocketsocket.io

有关javascript - 如何在 Socket.io/express-sessions 中访问/保存授权事件的 session 数据?的更多相关文章

  1. ruby - 如何在 Ruby 中顺序创建 PI - 2

    出于纯粹的兴趣,我很好奇如何按顺序创建PI,而不是在过程结果之后生成数字,而是让数字在过程本身生成时显示。如果是这种情况,那么数字可以自行产生,我可以对以前看到的数字实现垃圾收集,从而创建一个无限系列。结果只是在Pi系列之后每秒生成一个数字。这是我通过互联网筛选的结果:这是流行的计算机友好算法,类机器算法:defarccot(x,unity)xpow=unity/xn=1sign=1sum=0loopdoterm=xpow/nbreakifterm==0sum+=sign*(xpow/n)xpow/=x*xn+=2sign=-signendsumenddefcalc_pi(digits

  2. ruby-openid:执行发现时未设置@socket - 2

    我在使用omniauth/openid时遇到了一些麻烦。在尝试进行身份验证时,我在日志中发现了这一点:OpenID::FetchingError:Errorfetchinghttps://www.google.com/accounts/o8/.well-known/host-meta?hd=profiles.google.com%2Fmy_username:undefinedmethod`io'fornil:NilClass重要的是undefinedmethodio'fornil:NilClass来自openid/fetchers.rb,在下面的代码片段中:moduleNetclass

  3. ruby - 如何在 buildr 项目中使用 Ruby 代码? - 2

    如何在buildr项目中使用Ruby?我在很多不同的项目中使用过Ruby、JRuby、Java和Clojure。我目前正在使用我的标准Ruby开发一个模拟应用程序,我想尝试使用Clojure后端(我确实喜欢功能代码)以及JRubygui和测试套件。我还可以看到在未来的不同项目中使用Scala作为后端。我想我要为我的项目尝试一下buildr(http://buildr.apache.org/),但我注意到buildr似乎没有设置为在项目中使用JRuby代码本身!这看起来有点傻,因为该工具旨在统一通用的JVM语言并且是在ruby中构建的。除了将输出的jar包含在一个独特的、仅限ruby​​

  4. ruby - 什么是填充的 Base64 编码字符串以及如何在 ruby​​ 中生成它们? - 2

    我正在使用的第三方API的文档状态:"[O]urAPIonlyacceptspaddedBase64encodedstrings."什么是“填充的Base64编码字符串”以及如何在Ruby中生成它们。下面的代码是我第一次尝试创建转换为Base64的JSON格式数据。xa=Base64.encode64(a.to_json) 最佳答案 他们说的padding其实就是Base64本身的一部分。它是末尾的“=”和“==”。Base64将3个字节的数据包编码为4个编码字符。所以如果你的输入数据有长度n和n%3=1=>"=="末尾用于填充n%

  5. ruby-on-rails - 如何在 ruby​​ 中使用两个参数异步运行 exe? - 2

    exe应该在我打开页面时运行。异步进程需要运行。有什么方法可以在ruby​​中使用两个参数异步运行exe吗?我已经尝试过ruby​​命令-system()、exec()但它正在等待过程完成。我需要用参数启动exe,无需等待进程完成是否有任何ruby​​gems会支持我的问题? 最佳答案 您可以使用Process.spawn和Process.wait2:pid=Process.spawn'your.exe','--option'#Later...pid,status=Process.wait2pid您的程序将作为解释器的子进程执行。除

  6. ruby - 如何在续集中重新加载表模式? - 2

    鉴于我有以下迁移:Sequel.migrationdoupdoalter_table:usersdoadd_column:is_admin,:default=>falseend#SequelrunsaDESCRIBEtablestatement,whenthemodelisloaded.#Atthispoint,itdoesnotknowthatusershaveais_adminflag.#Soitfails.@user=User.find(:email=>"admin@fancy-startup.example")@user.is_admin=true@user.save!ende

  7. ruby - 如何在 Ruby 中拆分参数字符串 Bash 样式? - 2

    我正在为一个项目制作一个简单的shell,我希望像在Bash中一样解析参数字符串。foobar"helloworld"fooz应该变成:["foo","bar","helloworld","fooz"]等等。到目前为止,我一直在使用CSV::parse_line,将列分隔符设置为""和.compact输出。问题是我现在必须选择是要支持单引号还是双引号。CSV不支持超过一个分隔符。Python有一个名为shlex的模块:>>>shlex.split("Test'helloworld'foo")['Test','helloworld','foo']>>>shlex.split('Test"

  8. ruby - 如何在 Lion 上安装 Xcode 4.6,需要用 RVM 升级 ruby - 2

    我实际上是在尝试使用RVM在我的OSX10.7.5上更新ruby,并在输入以下命令后:rvminstallruby我得到了以下回复:Searchingforbinaryrubies,thismighttakesometime.Checkingrequirementsforosx.Installingrequirementsforosx.Updatingsystem.......Errorrunning'requirements_osx_brew_update_systemruby-2.0.0-p247',pleaseread/Users/username/.rvm/log/138121

  9. ruby-on-rails - 如何在 ruby​​ 交互式 shell 中有多行? - 2

    这可能是个愚蠢的问题。但是,我是一个新手......你怎么能在交互式ruby​​shell中有多行代码?好像你只能有一条长线。按回车键运行代码。无论如何我可以在不运行代码的情况下跳到下一行吗?再次抱歉,如果这是一个愚蠢的问题。谢谢。 最佳答案 这是一个例子:2.1.2:053>a=1=>12.1.2:054>b=2=>22.1.2:055>a+b=>32.1.2:056>ifa>b#Thecode‘if..."startsthedefinitionoftheconditionalstatement.2.1.2:057?>puts"f

  10. ruby-on-rails - 如何在我的 Rails 应用程序 View 中打印 ruby​​ 变量的内容? - 2

    我是一个Rails初学者,但我想从我的RailsView(html.haml文件)中查看Ruby变量的内容。我试图在ruby​​中打印出变量(认为它会在终端中出现),但没有得到任何结果。有什么建议吗?我知道Rails调试器,但更喜欢使用inspect来打印我的变量。 最佳答案 您可以在View中使用puts方法将信息输出到服务器控制台。您应该能够在View中的任何位置使用Haml执行以下操作:-puts@my_variable.inspect 关于ruby-on-rails-如何在我的R

随机推荐